Message security in PubSub concerns integrity and confidentiality of the published message payload. The level of security can be:

  • No security
  • Signing but no encryption
  • Signing and encryption

Message security is end-to-end security (from Publisher to Subscriber) and requires common knowledge of the cryptographic keys necessary to sign and encrypt on the Publisher side as well as validate signature and decrypt on the Subscriber side.

The keys used for message security are managed in the context of a SecurityGroup. The basic concepts of a SecurityGroup are described in 5.3.7.

This standard defines a general distribution framework for cryptographic keys. This framework is introduced in 5.4.3.

All parameters that are relevant for message security are described in 6.2.4. These parameters are independent of any Broker level transport security.

The message security for PubSub is independent of the transport protocol mapping and is completely defined by OPC UA.